Browser saying your password is unsafe? Here's what to do

A student looks at a computer screen.

Published February 21, 2023

Not all notifications warning you your password has been involved in a data leak are legit. Using caution and understanding your browser preferences are key. 

Author

Canfield photo.

Michael Canfield joined UB in January 2023 as an IT Communications Specialist for UBIT. A former newspaper reporter with a background in higher ed communication, Michael is also a volunteer firefighter. When he’s not writing or learning about all things UBIT, Michael likes to spend time with his wife and two English bulldogs, Franky and Grace. He’s also an avid student of the Battle of Gettysburg and a (sometimes) hockey writer.

Ever login to your UBITName account and get a message from your browser saying that your password was in a data leak and might be unsafe?

It’s a scary feeling. Was my account breached? Was the school’s network compromised? 

The short answer, fortunately, is probably not. 

What your browser does

The browser you’re using—for instance, Safari or Chrome— will automatically search for passwords that have been involved with data breaches, if you’ve enabled your browser to save your login credentials. 

When you get that warning, it most likely means the browser detected the password involved in a leak at some point. It doesn’t mean there was a breach at UB or that your specific account was involved in a breach. In all likelihood, the password you’re using was compromised elsewhere. However, any account that uses this password is at risk and should be changed immediately.  

Be careful!

Saving passwords in a browser is risky and should be avoided. If you haven’t enabled your browser to save your credentials and receive a message saying your password was compromised, it could be a phishing scam. Be careful not to click on it.

Use individual passwords

There are some ways to reduce the changes of this happening. The best way is to use individual passwords for each website you log into. While it can be difficult to remember multiple passwords for different sites, your browser will suggest strong passwords for you.

If you do get a legitimate notification from your browser letting you know that your password has been compromised at some point, the best thing to do is to change it. Your browser may be able to tell you which passwords you use have been compromised and give you the ability to change them.  

Better yet, use a passphrase

It may be frustrating to make and remember new passwords, but there's a trick for making hard-to-crack passwords that you can easily remember.

Turn your password into a passphrase by writing an entire sentence that’s specific to you, and quirky enough to remember without too much effort. For example, consider the following sentence: “Triangles are classified according to angles and sides.”

That sentence has 57 total characters, including a capital letter and a symbol. Better yet, it contains no personal information that could lead someone to guess it.

Stay safe!

If you believe someone may have unauthorized access to your UBIT account, contact the UBIT Help Center immediately—they’ll help you reclaim and secure your account.

For more tips to protect yourself online, visit buffalo.edu/ubit/safe